# Archive

Browse past daily curated stories


Wednesday, June 24, 2026

  1. The Hacker News general
    FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

    The 'FortiBleed' campaign, attributed to a Russian-speaking initial access broker (IAB) active since at least February 2026, has targeted over 430,000 FortiGate firewalls globally using a custom Golang-based credential sniffer, harvesting more than 110 million credentials. The operation involves collecting credential lists, scanning for exposed services, brute-forcing accessible systems, and deploying bespoke tooling. Security teams managing FortiGate deployments should treat this as an active, ongoing threat requiring immediate credential rotation and access review.

  2. Krebs on Security threat-intel
    Scattered Spider Hackers Plead Guilty on Day 1 of Trial

    Two members of Scattered Spider pleaded guilty on day one of what was expected to be a six-week UK trial, admitting to the August 2024 cyberattack that crippled Transport for London (TfL) and disrupted public transport services for months. One defendant is 20 years old and the other 18, underscoring the youth of this prolific cybercrime group. The guilty pleas represent a significant law enforcement win against a group responsible for high-profile attacks across multiple sectors.

  3. BleepingComputer general
    LastPass confirms data breach in Klue supply chain attack

    LastPass confirmed that attackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier in June 2026. This expands the scope of the Salesforce/Klue OAuth token compromise, now affecting a major password manager's customer data. Security teams should assess any third-party SaaS vendors using Klue for potential exposure and review OAuth token permissions across their Salesforce integrations.

  4. The Hacker News general
    Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

    President Trump signed Executive Order 14409 on June 22, 2026, mandating that federal agencies migrate high-value assets and high-impact systems to post-quantum cryptography (PQC) by December 31, 2030, with digital signatures required to follow by December 31, 2031. The order dramatically shortens previously understood timelines and leaves national security systems on a separate track. Organizations with federal contracts or data-sharing agreements should treat this as a forcing function for their own PQC roadmap planning.

  5. SecurityWeek general
    FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances

    A newly disclosed FFmpeg vulnerability dubbed 'PixelSmash' allows remote code execution via crafted media files in any application using FFmpeg's libavcodec library, including Jellyfin servers, and can trigger denial-of-service in Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. Given FFmpeg's ubiquity across media servers, NAS appliances, and video players, the attack surface is extremely broad. Administrators running any of these applications should apply the FFmpeg patch immediately and audit media ingestion pipelines.

  6. The Record threat-intel
    Five Eyes agencies sound alarm about AI’s threat to cybersecurity

    The Five Eyes intelligence alliance issued a joint alert warning that frontier AI models will reshape the cybersecurity threat landscape faster than previously anticipated, stating 'the timeline is not years, it is months.' The advisory mirrors growing expert consensus that AI is lowering the barrier for sophisticated attacks, particularly in vulnerability discovery and exploitation. Security practitioners should factor accelerated AI-enabled threat timelines into their 2026–2027 threat modeling and defensive investments.

  7. BleepingComputer general
    FFmpeg fixes PixelSmash flaw in widely used video decoder

    The FFmpeg PixelSmash flaw enables RCE on Jellyfin servers under specific conditions and DoS in widely deployed platforms including Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio through specially crafted media files parsed by libavcodec. A patch has been issued and is available in the latest FFmpeg release. The breadth of affected consumer and enterprise media applications makes this a high-priority patching item for both home lab operators and enterprise media infrastructure teams.

  8. Dark Reading general
    'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

    A newly identified CI/CD attack pattern dubbed 'Cordyceps' exploits malicious pull requests to compromise developer workflows, and has been found affecting repositories belonging to Microsoft (Azure Sentinel), Google (AI Agent Development Kit), Apache (Doris analytics database), Cloudflare (Workers SDK), and the Python Software Foundation (Black formatter). The weakness stems from unsafe use of the 'pull_request_target' workflow trigger, which grants elevated privileges to external contributor code. DevSecOps teams should audit all GitHub Actions workflows using this trigger and apply mitigations aligned with GitHub's June 18, 2026 actions/checkout update.

  9. BleepingComputer general
    Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks

    CVE-2026-20230, a high-severity Server-Side Request Forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM) Server, is now being actively exploited in attacks. Cisco Unified CM is widely deployed in enterprise telephony environments, making this a critical patching priority. Organizations running Cisco Unified CM should apply available patches immediately and review network logs for anomalous SSRF-pattern requests.

  10. The Hacker News general
    WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

    An active campaign identified by Kaspersky is distributing malicious VBScript files via WhatsApp Desktop and WhatsApp Web messages across at least nine countries including Malaysia, Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, and Australia, ultimately installing ManageEngine RMM software for unauthorized remote access. The use of a legitimate RMM tool as the payload helps the malware evade detection and persist under the guise of trusted software. Security teams should add detection rules for unsanctioned ManageEngine deployments and alert on VBScript execution originating from messaging application contexts.